mirror of https://github.com/helm/helm
Helm 3: registry login/logout (#5597)
* login/logout placeholders Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * use latest oras Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * use docker auth system Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * working login+push Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * working on tests Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * fix typo in htpasswd Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * rename credsfile to config.json Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * add flags for username/password Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * disable logout test broken on linux Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * upgrade to oras 0.4.0 Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * re-enable logout test Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * panic for uncaught errors Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> * move login/logout to new registry subcommand Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>pull/5681/head
parent
b1ae1acc8b
commit
a12a396aab
@ -0,0 +1,45 @@
|
||||
/*
|
||||
Copyright The Helm Authors.
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"io"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
|
||||
"helm.sh/helm/pkg/action"
|
||||
)
|
||||
|
||||
const registryHelp = `
|
||||
This command consists of multiple subcommands to interact with registries.
|
||||
|
||||
It can be used to login to or logout from a registry.
|
||||
Example usage:
|
||||
$ helm registry login [URL]
|
||||
`
|
||||
|
||||
func newRegistryCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "registry",
|
||||
Short: "login to or logout from a registry",
|
||||
Long: registryHelp,
|
||||
}
|
||||
cmd.AddCommand(
|
||||
newRegistryLoginCmd(cfg, out),
|
||||
newRegistryLogoutCmd(cfg, out),
|
||||
)
|
||||
return cmd
|
||||
}
|
@ -0,0 +1,134 @@
|
||||
/*
|
||||
Copyright The Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/docker/docker/pkg/term"
|
||||
"github.com/spf13/cobra"
|
||||
|
||||
"helm.sh/helm/cmd/helm/require"
|
||||
"helm.sh/helm/pkg/action"
|
||||
)
|
||||
|
||||
const registryLoginDesc = `
|
||||
Authenticate to a remote registry.
|
||||
`
|
||||
|
||||
func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
|
||||
var usernameOpt, passwordOpt string
|
||||
var passwordFromStdinOpt bool
|
||||
|
||||
cmd := &cobra.Command{
|
||||
Use: "login [host]",
|
||||
Short: "login to a registry",
|
||||
Long: registryLoginDesc,
|
||||
Args: require.MinimumNArgs(1),
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
hostname := args[0]
|
||||
|
||||
username, password, err := getUsernamePassword(usernameOpt, passwordOpt, passwordFromStdinOpt)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return action.NewRegistryLogin(cfg).Run(out, hostname, username, password)
|
||||
},
|
||||
}
|
||||
|
||||
f := cmd.Flags()
|
||||
f.StringVarP(&usernameOpt, "username", "u", "", "registry username")
|
||||
f.StringVarP(&passwordOpt, "password", "p", "", "registry password or identity token")
|
||||
f.BoolVarP(&passwordFromStdinOpt, "password-stdin", "", false, "read password or identity token from stdin")
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
||||
// Adapted from https://github.com/deislabs/oras
|
||||
func getUsernamePassword(usernameOpt string, passwordOpt string, passwordFromStdinOpt bool) (string, string, error) {
|
||||
var err error
|
||||
username := usernameOpt
|
||||
password := passwordOpt
|
||||
|
||||
if passwordFromStdinOpt {
|
||||
passwordFromStdin, err := ioutil.ReadAll(os.Stdin)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
password = strings.TrimSuffix(string(passwordFromStdin), "\n")
|
||||
password = strings.TrimSuffix(password, "\r")
|
||||
} else if password == "" {
|
||||
if username == "" {
|
||||
username, err = readLine("Username: ", false)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
username = strings.TrimSpace(username)
|
||||
}
|
||||
if username == "" {
|
||||
password, err = readLine("Token: ", true)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
} else if password == "" {
|
||||
return "", "", errors.New("token required")
|
||||
}
|
||||
} else {
|
||||
password, err = readLine("Password: ", true)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
} else if password == "" {
|
||||
return "", "", errors.New("password required")
|
||||
}
|
||||
}
|
||||
} else {
|
||||
fmt.Fprintln(os.Stderr, "WARNING! Using --password via the CLI is insecure. Use --password-stdin.")
|
||||
}
|
||||
|
||||
return username, password, nil
|
||||
}
|
||||
|
||||
// Copied/adapted from https://github.com/deislabs/oras
|
||||
func readLine(prompt string, silent bool) (string, error) {
|
||||
fmt.Print(prompt)
|
||||
if silent {
|
||||
fd := os.Stdin.Fd()
|
||||
state, err := term.SaveState(fd)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
term.DisableEcho(fd, state)
|
||||
defer term.RestoreTerminal(fd, state)
|
||||
}
|
||||
|
||||
reader := bufio.NewReader(os.Stdin)
|
||||
line, _, err := reader.ReadLine()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
if silent {
|
||||
fmt.Println()
|
||||
}
|
||||
|
||||
return string(line), nil
|
||||
}
|
@ -0,0 +1,43 @@
|
||||
/*
|
||||
Copyright The Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"io"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
|
||||
"helm.sh/helm/cmd/helm/require"
|
||||
"helm.sh/helm/pkg/action"
|
||||
)
|
||||
|
||||
const registryLogoutDesc = `
|
||||
Remove credentials stored for a remote registry.
|
||||
`
|
||||
|
||||
func newRegistryLogoutCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
|
||||
return &cobra.Command{
|
||||
Use: "logout [host]",
|
||||
Short: "logout from a registry",
|
||||
Long: registryLogoutDesc,
|
||||
Args: require.MinimumNArgs(1),
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
hostname := args[0]
|
||||
return action.NewRegistryLogout(cfg).Run(out, hostname)
|
||||
},
|
||||
}
|
||||
}
|
@ -0,0 +1,38 @@
|
||||
/*
|
||||
Copyright The Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package action
|
||||
|
||||
import (
|
||||
"io"
|
||||
)
|
||||
|
||||
// RegistryLogin performs a registry login operation.
|
||||
type RegistryLogin struct {
|
||||
cfg *Configuration
|
||||
}
|
||||
|
||||
// NewRegistryLogin creates a new RegistryLogin object with the given configuration.
|
||||
func NewRegistryLogin(cfg *Configuration) *RegistryLogin {
|
||||
return &RegistryLogin{
|
||||
cfg: cfg,
|
||||
}
|
||||
}
|
||||
|
||||
// Run executes the registry login operation
|
||||
func (a *RegistryLogin) Run(out io.Writer, hostname string, username string, password string) error {
|
||||
return a.cfg.RegistryClient.Login(hostname, username, password)
|
||||
}
|
@ -0,0 +1,38 @@
|
||||
/*
|
||||
Copyright The Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package action
|
||||
|
||||
import (
|
||||
"io"
|
||||
)
|
||||
|
||||
// RegistryLogout performs a registry login operation.
|
||||
type RegistryLogout struct {
|
||||
cfg *Configuration
|
||||
}
|
||||
|
||||
// NewRegistryLogout creates a new RegistryLogout object with the given configuration.
|
||||
func NewRegistryLogout(cfg *Configuration) *RegistryLogout {
|
||||
return &RegistryLogout{
|
||||
cfg: cfg,
|
||||
}
|
||||
}
|
||||
|
||||
// Run executes the registry logout operation
|
||||
func (a *RegistryLogout) Run(out io.Writer, hostname string) error {
|
||||
return a.cfg.RegistryClient.Logout(hostname)
|
||||
}
|
@ -0,0 +1,28 @@
|
||||
/*
|
||||
Copyright The Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package registry // import "helm.sh/helm/pkg/registry"
|
||||
|
||||
import (
|
||||
"github.com/deislabs/oras/pkg/auth"
|
||||
)
|
||||
|
||||
type (
|
||||
// Authorizer handles registry auth operations
|
||||
Authorizer struct {
|
||||
auth.Client
|
||||
}
|
||||
)
|
Loading…
Reference in new issue